HOWTO: keeping FreeBSD's base system and packages up-to-date

vermaden · #1 September 5th, 2011, 12:36

Today, I would like to 'touch' an ungrateful topic of keeping both FreeBSD's base system and installed packages up-to-date.

After I started using FreeBSD at 5.4 times (2005) I have tried various methods of keeping my FreeBSD installations up-to-date, many of them terribly failed, but some recent ones seem to do the job as advertised. Even not so recently ago I thought, lets stick to RELEASE and do not compile newer versions of packages as there are available packages at FTP ... but there is a big problem with such attitude. First, once the RELEASE is completed, there are only security fixes for the base system, but there are no bug fixes for the RELEASE. Its even worse with packages for RELEASE since once they are built they are never later updated, even if they have security issues, not even mentioning bugs. So that is definitely not the right way.

The sollution seems to be tracking STABLE tree for the base system along with packages that are built every 2 weeks for the STABLE tree and compiling only when there are security issues in some of the installed packages, but there are for example 10 more days before their rebuilt versions would show up on the STABLE tree FTP. Below I would try to describe all that process of keeping FreeBSD up-to-date as simple as possible. In the first part I would focus on the base system and the second one will cover keeping packages up-to-date.

Some important information about keeping Your system this way. You would not rebuild the base system every day, not even every week, just when needed. Now what does it mean 'when needed' ... For example when there is a security issue, You would just follow the instructions in the SA (security advisory) to fix that issue, there is no need to rebuild whole world. The only reasons to rebuild the base system are that there has been found and fixed a bug in STABLE that affects You or that You need new features that has been merged into the STABLE branch (from CURRENT for example) like newer ZFS version or whatever.

As for the installation, You can install the RELEASE version and update to STABLE or install the daily STABLE snapshot so You would not have to build entire base system from source, the daily ISO images are available at http://pub.allbsd.org/FreeBSD-snapshots/ server.

EDIT:

Article also available as PDF here: http://bsdmag.org/magazine/1784-freebsd-get-up-to-date

If You want to have it separated from other articles, here's the way:

 # pkg_add -r pdftk

% pdftk 'BSDmag 2012-01.pdf' cat 28-36 output 'BSDmag 2012-01 up-do-date.pdf'

... or as plain HTML at the bottom of this post.

vermaden · #2 September 5th, 2011, 12:36

PART I. Keeping the FreeBSD base system up-to-date

Some facts about FreeBSD's base system:
-- once RELEASE is completed, there are only security fixes, there are no bug fixes
-- bugs in STABLE tree are fixed
-- security issues are also fixed in STABLE
-- the RELEASE branch allows to use binary updates via freebsd-update tool for security fixes
-- the STABLE branch requires compiling of the FreeBSD base system

We need to clone the current cource tree if we want to build up to date STABLE branch FreeBSD's base system, we will also need to update our sources to the current state so its quite handy to find fastest server for Your location, it can be easily done by using fastest_cvsup package.

Code:

# pkg_add -r fastest_cvsup
# fastest_cvsup -c all
(...)

>>  Speed Daemons:
    - 1st: cvsup.pl.freebsd.org
    - 2nd: cvsup11.ua.freebsd.org
    - 3rd: cvsup5.de.freebsd.org

For my location it is cvsup.pl.freebsd.org which in most cases will be different ther for Your location, so remember to put Your's fastest in the next steps.

Create simple supfile that will be used by csup to keep FreeBSD's base system sources up-to-date. There are useful examples under /usr/share/examples/cvsup/ if you want to 'dig more'.

Code:

# cat > /root/stable-supfile << EOF
*default host=cvsup.pl.freebsd.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_8
*default delete use-rel-suffix
*default compress
src-all
EOF

Now lets get/update our sources to the current state, the list of edited/checked files will be quite different on Your box since I already have quite up-to-date sources, this will take more time if You do not have the sources on the disk.

Code:

# csup /root/stable-supfile
Connected to 188.125.237.138
Updating collection src-all/cvs
 Edit src/bin/ed/buf.c
 Edit src/sbin/fsck_ffs/main.c
 Edit src/sbin/mdconfig/mdconfig.8
 Edit src/sbin/mdconfig/mdconfig.c
 Edit src/share/man/man4/ath.4
 Edit src/share/man/man4/ath_hal.4
 Edit src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
 Edit src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c
 Edit src/sys/dev/ahci/ahci.c
 Edit src/sys/fs/msdosfs/msdosfs_vnops.c
 Edit src/sys/fs/nfsclient/nfs_clbio.c
 Edit src/sys/fs/nfsserver/nfs_nfsdserv.c
 Edit src/sys/fs/nwfs/nwfs_io.c
 Edit src/sys/fs/smbfs/smbfs_io.c
 Edit src/sys/fs/tmpfs/tmpfs_vnops.c
 Edit src/sys/gnu/fs/xfs/FreeBSD/xfs_vnops.c
 Edit src/sys/kern/uipc_usrreq.c
 Edit src/sys/kern/vfs_vnops.c
 Edit src/sys/nfsclient/nfs_bio.c
 Edit src/sys/sparc64/sbus/sbus.c
 Edit src/sys/sys/vnode.h
 Edit src/sys/ufs/ffs/ffs_inode.c
 Edit src/sys/ufs/ffs/ffs_vnops.c
Finished successfully

Alternatively, You can grab the sources by SVN protocol, but You will need devel/subversion16 port/package for that purpose. Its generally a lot faster/easier to 'setup' then csup but the 'csup way' has one important advantage, its in the FreeBSD's base system, so its always available, anywhere. With SVN, You will have to add a package first which sometimes may be cumbersome. But as the FreeBSD source tree is kept under SVN it is possible that SVN will be part of the FreeBSD's base system one day.

Its also important to mention, that sources downloaded by subversion are not compatible with the sources grabbed by csup, so once You will decide which method to use, stick with it, unless You want to download the whole FreeBSD's source tree again. Below is the line needed to update the FreeBSD sources to 9-STABLE latest state.

Code:

# svn checkout svn://svn.freebsd.org/base/stable/9 /usr/src

Its the same no matter if You download the whole tree or just doing an update from yesterday. If svn will complain about anything, just delete the /usr/src and type the command again.

Now as we have the sources we can continue to building the FreeBSD's base system from source. As for editing the kernel config, You do not even have to bother about it, just use GENERIC, this guide is not about stripping the base system and kernel components, its about keeping everything up-to-date. Of course if You want to, then use Your tweaked kernel config, it will not interfere with the rest of this guide. You may want to put nice -n 20 in front of make buildworld ... line to make that build process less 'amusing' for your system. As instructions are completed, Your system will reboot.

Code:

# cd /usr/src
# rm -r -f /usr/obj
# make buildworld kernel KODIR=/boot/testing
# nextboot -k testing
# shutdown -r now

We are now proceeding to the second phase of the upgrade process, after normal boot (single user mode not required and definitely prohibited while doing upgrade over the network) stop all unneeded services (remember to keep sshd daemon alive if you are doing upgrade via network). If your system booted up properly, then You can make the new testing kernel the default one, at least there should not be any problems with the GENERIC kernel config

Code:

# cd /boot
# rm -r -f OLD
# mv kernel OLD
# mv testing kernel

Code:

# killall dhclient moused
# /etc/rc.d/cron stop
# /etc/rc.d/devd stop
# /etc/rc.d/sshd stop
# /etc/rc.d/powerd stop
# /etc/rc.d/syslogd stop

The list of started processes will look something like that including (or not) sshd for keeping up the network connection.

Code:

# top -b
last pid: 64835;  load averages:  0.00,  0.00,  0.00  up 0+03:11:51    10:24:37
119 processes: 2 running, 117 sleeping

Mem: 960M Active, 355M Inact, 4014M Wired, 6096K Cache, 8368K Buf, 2527M Free
Swap:

  PID USERNAME      THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
 2178 root            1  54    0 10304K  2748K ppwait  0   0:00  0.00% csh
 2174 root            1  45    0 21696K  1992K wait    0   0:00  0.00% login
 2177 root            1  76    0  6912K  1284K ttyin   0   0:00  0.00% getty
 2176 root            1  76    0  6912K  1284K ttyin   1   0:00  0.00% getty
 2175 root            1  76    0  6912K  1284K ttyin   0   0:00  0.00% getty
  114 root            1  76    0  2764K  1056K pause   0   0:00  0.00% adjkerntz

Now we can continue to type rest of needed instructions to finish the update, the mergemaster will ask You for the differences in startup scripts that You have modified and configuration files, type 'I' to install the new/default config and/or script and select 'D' to leave the version that you have in the system, remember that You can also add these changes later, it may be not appreciate to install default firewall config or customized OpenSSH config while doing the network upgrade.

Code:

# cd /usr/src
# mergemaster -p
# make installworld
# mergemaster -iU
# make delete-old
# shutdown -r now

After that second reboot You should have updates to STABLE branch FreeBSD's base system, I wrote 'should' because sometimes things do not go the way we want them to go, especially if you are doing it the first time as once Aerosmith sing "I know it's everybody's sin, You got to lose to know how to win". It would be best to do these instructions as exercise under virtual machine like VirtualBox or QEMU.

Also, if you do not feel that STABLE is 'production enought', then You may want to use STABLE packages along with RELEASE base system, You will need to define environment variable PACKAGESITE that will point to ftp://ftp.freebsd.org/pub/FreeBSD/po...stable/Latest/ at least for FreeBSD 8.x system.

vermaden · #3 September 5th, 2011, 12:36

PART II. Keeping the FreeBSD packages up-to-date

Keeping packages up to date is little more tricky, we will also need the STABLE branch for them as these in RELEASE are not updated. Lets assume that You installed the FreeBSD STABLE snapshot a month ago, along with packages that were built by then, now there will be quite a lot of new versions for many packages which is not that important, but some of them can (and probably have) security issues and definitely should be updated. You can of course compile them from Ports using portmaster but why waste time for compiling, when You can use built every 2 weeks packages from the STABLE branch? The pkg_upgrade script from the bsdadminscripts package will be quite helpful here. It will fetch latest available packages from the STABLE FTP and there is a chance that the security issues will be solved by the newer versions, if not, we are forced to rebuild those packages from source using portmaster, but its a lot better and faster to recompile 1-2 packages instead of 30 or more.

As for updating the packages, I generally check them daily, mostly for security issues that would be reported with portaudit, there are often new versions reported, sometimes even quite lot, but as long as there are 0 problem(s) in your installed packages found. I do not bother. From time to time I fire up pkg_upgrade -a -C to fetch the latest packages from the STABLE branch FTP.

Some of You would certainly ask why use pkg_upgrade instead of updating with portmaster? Well, for example You have package z-1.0 installed in Your system, latest package available on the FTP is z-1.1 (newer) but version in Ports is z-1.2, so portmaster will omit that z-1.1 package no matter if its newer or not and will force You to compile the z-1.2 package from the Ports system.

Keeping FreeBSD packages up-to-date in short:
-- use packages from STABLE that are built every 2 weeks
-- use pkg_upgrade to update packages
-- use portmaster to rebuild packages that have security issues

Some facts about being up-to-date with FreeBSD's packages:
-- with every RELEASE packages are built and then they are never updated, even if they have security issues
-- for the STABLE tree packages are rebuilt every 2 weeks

First, we need to install tools that we will use to keep FreeBSD packages up-to-date.

Code:

# pkg_add -r bsdadminscripts portmaster portaudit

Optionally, we can allow users in group wheel to perform these task using sudo (You will have to add sudo package with pkg_add -r sudo commend) as they are already allowed to login on the root account, we can of course create separate group like maintainers that will be allowed to perform upgrades. You will need this line below in /usr/local/etc/sudoers file.

Code:

%wheel ALL=NOPASSWD: /usr/sbin/portsnap, /usr/local/sbin/pkg_upgrade, /usr/local/sbin/portmaster, /usr/local/sbin/portaudit

Here is the most important part, the commands put together into functions that will allow us easy checking for newer versions of the packages, security issues and updating them to newer/fixed versions. The ports-check function fetches latest Ports tree, then shows what new packages are available comparing to those installed on the system, next the security issues are checked with portaudit and last, the /usr/ports/UPDATING file is checked for various messages that can affect us. The ports-check does not rebuild or update any packages, only, as the name says, checks.

Code:

function ports-check {
  # FETCH LATEST PORTS TREE
  sudo portsnap fetch update

  # CHECK WHAT NEW VERSIONS EXIST
  sudo portmaster -L --index-only | awk '/ [Nn]ew / { print substr($0,9,9999) }'

  # CHECK SECURITY ISSUES
  sudo portaudit -Fda

  # CHECK /usr/ports/UPDATING MESSAGES
  pkg_updating -d $( ls -ltr -D '%Y%m%d' /var/db/pkg | awk 'END{print $6}' )
}

The second function, ports-update is for updating the packages using the STABLE branch, it uses pkg_upgrade from bsdadminscripts, but it will not compile from Ports.

Code:

function ports-update {
  # UPDATE PACKAGES USING STABLE PATH ON FTP
  sudo pkg_upgrade -a -C 2>&1 | grep --color=none --line-buffered -E "^(=+>|/usr/ports|/var/db)"

  # FIX DEPENDENCIES AS NEEDED
  sudo portmaster --check-depends
}

The last one named ports-build rebuilds the specified package or all of them if You do not specify one, used mostly to rebuild packages with security issues.

Code:

function ports-build {
  # REBUILD SINGLE, SEVERAL OR ALL PORTS
  case ${#} in
    (0) sudo portmaster -y --no-confirm --packages-if-newer -m 'BATCH=yes' -d -a ;;
    (*) sudo portmaster -y --no-confirm --packages-if-newer -m 'BATCH=yes' -d $@ ;;
  esac

  # FIX DEPENDENCIES AS NEEDED
  sudo portmaster --check-depends
}

... and thats it generally, I would show some example of these functions usage below.

You will have to put these functions into Your shells startup files, it will be /etc/profile for sh shell and bash, /etc/zshrc for zsh. It will not work for C-shells like csh since they do not support functions and are retarded in many other ways: http://www.grymoire.com/Unix/CshTop10.txt

Drawbacks

Using this way of keeping the installed packages up-to-date You have to remember two things.

Customized packages. If You built some package with non-default options by compiling it, after upgrade it will 'revert' do the default options and You will have to build it again.

Kernel modules. Any package that comes with kernel modules can and probably will break at some point because the STABLE source tree is a 'moving target', that is one of the good reasons to update the base system and then update to latest packages. The packages that have kernel modules are for example emulators/virtualbox-ose (VirtualBox), sysutils/fusefs-kmod (FUSE implementation) and most notably x11/nvidia-driver (binary nVidia graphics driver).

vermaden · #4 September 5th, 2011, 12:36

EXAMPLE II.1. Typical output about new/updated ports and new versions available.

Code:

% ports-check
Looking up portsnap.FreeBSD.org mirrors... 5 mirrors found.
Fetching snapshot tag from portsnap5.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Mon Sep  5 07:11:28 CEST 2011 to Mon Sep  5 08:51:01 CEST 2011.
Fetching 3 metadata patches.. done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 10 patches.....10 done.
Applying patches... done.
Fetching 1 new ports or files... done.
Removing old files and directories... done.
Extracting new files:
/usr/ports/chinese/c2t/
/usr/ports/chinese/hc/
/usr/ports/devel/Makefile
/usr/ports/devel/p5-System-Command/
/usr/ports/german/mythes/
/usr/ports/math/p5-Statistics-R/
/usr/ports/polish/hunspell/
/usr/ports/textproc/es-mythes/
/usr/ports/textproc/nl-mythes/
/usr/ports/textproc/sk-mythes/
/usr/ports/textproc/sl-mythes/
Building new INDEX files... done.
New version available: arc-5.21p
New version available: ca_root_nss-3.12.11_1
New version available: expat-2.0.1_2
New version available: tinyxml-2.6.2
New version available: bash-4.1.11
New version available: gstreamer-plugins-0.10.35_1,3
New version available: gtk-2.24.6
New version available: gtk-update-icon-cache-2.24.6
New version available: libsamplerate-0.1.8_1
New version available: nas-1.9.3
New version available: nettle-2.4
New version available: p5-Date-Manip-6.25
New version available: p5-Mail-IMAPClient-3.29
New version available: p5-XML-Parser-2.41
New version available: xterm-273
New version available: filezilla-3.5.1
New version available: firefox-6.0.1,1
New version available: gtk-oxygen-engine-1.1.2
New version available: nginx-1.0.6,1
New version available: qemu-0.11.1_10
20 have new versions available
New database installed.
Database created: Thu Sep  1 21:20:00 CEST 2011
0 problem(s) in your installed packages found.

EXAMPLE II.2. A report that also shows some security issues.

Code:

% ports-check
Looking up portsnap.FreeBSD.org mirrors... 5 mirrors found.
Fetching snapshot tag from portsnap1.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Mon Sep  5 10:28:51 CEST 2011 to Mon Sep  5 12:07:23 CEST 2011.
Fetching 3 metadata patches.. done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 20 patches.....10....20 done.
Applying patches... done.
Fetching 1 new ports or files... done.
Removing old files and directories... done.
Extracting new files:
/usr/ports/MOVED
/usr/ports/Mk/bsd.sites.mk
/usr/ports/cad/Makefile
/usr/ports/devel/Makefile
/usr/ports/devel/p5-Bread-Board-Declare/
/usr/ports/devel/p5-Curses-UI/
/usr/ports/devel/p5-Data-Peek/
/usr/ports/devel/p5-Scope-Upper/
/usr/ports/dns/pear-Net_DNS2/
/usr/ports/lang/p5-Try-Tiny/
/usr/ports/mail/p5-Email-Valid/
/usr/ports/math/p5-Math-BigInt/
/usr/ports/math/p5-Statistics-Descriptive/
/usr/ports/net/pear-Net_SMTP/
/usr/ports/ports-mgmt/portaudit-db/
/usr/ports/sysutils/py-supervisor/
/usr/ports/sysutils/zfsnap/
/usr/ports/www/nginx-devel/
/usr/ports/www/nginx/
/usr/ports/www/rubygem-passenger/
/usr/ports/x11/Makefile
Building new INDEX files... done.
New version available: arc-5.21p
New version available: ca_root_nss-3.12.11_1
New version available: expat-2.0.1_2
New version available: tinyxml-2.6.2
New version available: bash-4.1.11
New version available: gstreamer-plugins-0.10.35_1,3
New version available: gtk-2.24.6
New version available: gtk-update-icon-cache-2.24.6
New version available: libsamplerate-0.1.8_1
New version available: nas-1.9.3
New version available: nettle-2.4
New version available: p5-Date-Manip-6.25
New version available: p5-Mail-IMAPClient-3.29
New version available: p5-XML-Parser-2.41
New version available: xterm-273
New version available: filezilla-3.5.1
New version available: firefox-6.0.1,1
New version available: gtk-oxygen-engine-1.1.2
New version available: nginx-1.0.6,1
New version available: qemu-0.11.1_10
20 have new versions available
auditfile.tbz                                 100% of   69 kB   54 kBps
New database installed.
Database created: Mon Sep  5 12:35:01 CEST 2011
Affected package: ca_root_nss-3.12.9
Type of problem: ca_root_nss -- Extraction of unsafe certificates into trust bundle..
Reference: http://portaudit.FreeBSD.org/1b27af4...027ef73ec.html

Affected package: ca_root_nss-3.12.9
Type of problem: nss/ca_root_nss -- Fraudulent Certificates issued by DigiNotar.nl.
Reference: http://portaudit.FreeBSD.org/aa5bc97...027ef73ec.html

2 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

EXAMPLE II.3. Solving the security issues by rebuilding the problematic package.

Code:

% ports-build ca_root_nss

===>>> Currently installed version: ca_root_nss-3.12.9
===>>> Port directory: /usr/ports/security/ca_root_nss

(...)

===>>> Updating dependency entry for ca_root_nss-3.12.11_1 in each dependent port
===>>> Upgrade of ca_root_nss-3.12.9 to ca_root_nss-3.12.11_1 complete

% ports-check
Looking up portsnap.FreeBSD.org mirrors... 5 mirrors found.
Fetching snapshot tag from portsnap2.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Mon Sep  5 12:07:23 CEST 2011 to Mon Sep  5 12:25:09 CEST 2011.
Fetching 3 metadata patches.. done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 2 patches.. done.
Applying patches... done.
Fetching 0 new ports or files... done.
Removing old files and directories... done.
Extracting new files:
/usr/ports/devel/p5-File-NFSLock/
/usr/ports/devel/p5-MooseX-Aliases/
Building new INDEX files... done.
New version available: arc-5.21p
New version available: expat-2.0.1_2
New version available: tinyxml-2.6.2
New version available: bash-4.1.11
New version available: gstreamer-plugins-0.10.35_1,3
New version available: gtk-2.24.6
New version available: gtk-update-icon-cache-2.24.6
New version available: libsamplerate-0.1.8_1
New version available: nas-1.9.3
New version available: nettle-2.4
New version available: p5-Date-Manip-6.25
New version available: p5-Mail-IMAPClient-3.29
New version available: p5-XML-Parser-2.41
New version available: xterm-273
New version available: filezilla-3.5.1
New version available: firefox-6.0.1,1
New version available: gtk-oxygen-engine-1.1.2
New version available: nginx-1.0.6,1
New version available: qemu-0.11.1_10
19 have new versions available
auditfile.tbz                                 100% of   69 kB   54 kBps
New database installed.
Database created: Mon Sep  5 12:40:01 CEST 2011
0 problem(s) in your installed packages found.

EXAMPLE II.4. Updating the installed packages using STABLE branch.

Code:

% ports-update
/var/db/uma/FTPINDEX                          100% of   21 MB 1139 kBps 00m00s
/usr/ports/packages/All/nettle-2.4.tbz        100% of 1082 kB  332 kBps
/usr/ports/packages/All/gtk-2.24.6.tbz        100% of 9822 kB  253 kBps 00m00s
/usr/ports/packages/All/gstreamer-plugins-0.10100% of 4091 kB  942 kBps
/usr/ports/packages/All/gtk-oxygen-engine-1.1.100% of  509 kB  339 kBps
/usr/ports/packages/All/filezilla-3.5.1.tbz   100% of 3301 kB  232 kBps 00m00s
/usr/ports/packages/All/nas-1.9.3.tbz         100% of  487 kB  494 kBps
/usr/ports/packages/All/expat-2.0.1_2.tbz     100% of  130 kB  129 kBps
/usr/ports/packages/All/xterm-273.tbz         100% of  262 kB  104 kBps
/usr/ports/packages/All/p5-XML-Parser-2.41.tbz100% of  184 kB  381 kBps
/usr/ports/packages/All/nginx-1.0.6,1.tbz     100% of  225 kB  206 kBps
/usr/ports/packages/All/qemu-0.11.1_10.tbz    100% of   12 MB  359 kBps 00m00s
/usr/ports/packages/All/tinyxml-2.6.2.tbz     100% of  170 kB  121 kBps
/usr/ports/packages/All/p5-Date-Manip-6.25.tbz100% of 1301 kB  681 kBps
===> Update <tinyxml-2.6.1_1> to <tinyxml-2.6.2> (textproc/tinyxml)
=> Update <tinyxml-2.6.1_1> to <tinyxml-2.6.2> (textproc/tinyxml) succeeded
===> Update <p5-Date-Manip-6.24> to <p5-Date-Manip-6.25> (devel/p5-Date-Manip)
=> Update <p5-Date-Manip-6.24> to <p5-Date-Manip-6.25> (devel/p5-Date-Manip) succeeded
===> Update <nginx-1.0.5,1> to <nginx-1.0.6,1> (www/nginx)
=> Update <nginx-1.0.5,1> to <nginx-1.0.6,1> (www/nginx) succeeded
===> Update <nettle-2.2> to <nettle-2.4> (security/nettle)
=> Update <nas-1.9.2> to <nas-1.9.3> (audio/nas) succeeded
===> Update <expat-2.0.1_1> to <expat-2.0.1_2> (textproc/expat2)
=> Update <expat-2.0.1_1> to <expat-2.0.1_2> (textproc/expat2) succeeded
===> Update <xterm-271> to <xterm-273> (x11/xterm)
=> Update <xterm-271> to <xterm-273> (x11/xterm) succeeded
===> Update <qemu-0.11.1_9> to <qemu-0.11.1_10> (emulators/qemu)
=> Update <qemu-0.11.1_9> to <qemu-0.11.1_10> (emulators/qemu) succeeded
===> Update <gtk-2.24.5_1> to <gtk-2.24.6> (x11-toolkits/gtk20)
=> Update <gtk-2.24.5_1> to <gtk-2.24.6> (x11-toolkits/gtk20) succeeded
===> Update <firefox-6.0_1,1> to <firefox-6.0.1,1> (www/firefox)
=> Update <firefox-6.0_1,1> to <firefox-6.0.1,1> (www/firefox) succeeded
===> Update <filezilla-3.5.0_1> to <filezilla-3.5.1> (ftp/filezilla)
=> Update <filezilla-3.5.0_1> to <filezilla-3.5.1> (ftp/filezilla) succeeded
===> Update <bash-4.1.10> to <bash-4.1.11> (shells/bash)
=> Update <bash-4.1.10> to <bash-4.1.11> (shells/bash) succeeded
===> Update <arc-5.21o_1> to <arc-5.21p> (archivers/arc)
=> Update <arc-5.21o_1> to <arc-5.21p> (archivers/arc) succeeded
===>>> Checking 2bsd-vi-050325_1
===>>> Checking ImageMagick-6.7.1.10
===>>> Checking ORBit2-2.14.19
===>>> Checking OpenEXR-1.6.1_3
===>>> Checking Thunar-1.2.2_2
(...)

vermaden · #5 September 5th, 2011, 12:37

Feel free to sent Your opinions/questions and Your ways of keeping both FreeBSD's base system and installed packages.

Kiiski · #6 September 5th, 2011, 16:55

Hi

I use ports myself, but about this:

Quote:

Some of You would certainly ask why use pkg_upgrade instead of updating with portmaster? Well, for example You have package z-1.0 installed in Your system, latest package available on the FTP is z-1.1 (newer) but version in Ports is z-1.2, so portmaster will omit that z-1.1 package no matter if its newer or not and will force You to compile the z-1.2 package from the Ports system.

From
man portmaster

Code:

   --packages-if-newer
         use package if newer than installed even if the package is not the
         latest according to the ports tree

Shouldn't that take care of situation you described?

vermaden · #7 September 6th, 2011, 05:50

@Kiiski

Maybe it has changed recently, portmaster always used the Ports tree version on my box, I also tried the -PP option and if the first package to update does not exist on the FTP, portmaster will end its work with an error instead of trying to get update for the next package.

vermaden · #8 September 8th, 2011, 10:03

Quote:

Originally Posted by Kiiski

Shouldn't that take care of situation you described?

I have just checked how portmaster -a -PP again behaves and that is the result:

Code:

===>>> Checking package repository for latest available version

===>>> The newest available package (sudo-1.8.1_5)
       is older than the version in ports (sudo-1.8.2)

===>>> Try --packages-if-newer, or do not use -PP/--packages-only
===>>> Aborting update

===>>> Update for security/sudo failed
===>>> Aborting update

The --packages-if-newer option is useless here since it will try to REBUILD/COMPILE all packages and we want to omit that.

alie · #9 September 19th, 2011, 10:42

Awesome good job! this thread enters Distrowatch weekly issue

http://distrowatch.com/weekly.php?issue=20110919#news

Yampress · #10 September 19th, 2011, 13:32

very good work Ver. ;D

nORKy · #11 September 19th, 2011, 15:30

Hi, I have 1 question : What is the diffrence between portmaster and pkg_* ?

EDIT : and an other : where do you track STABLE bugfix/securityfix ??

**wblock@** · #12 September 19th, 2011, 16:28

pors-mgmt/portmaster is an add-on tool for managing ports and packages. The various pkg_* programs are base system programs that only deal with packages.

Symbiosis · #13 September 19th, 2011, 16:39

Hi,

First of all thanks for your useful post.

I want to comment something about this:

Quote:

Also, if you do not feel that STABLE is 'production enought', then You may want to use STABLE packages along with RELEASE base system, You will need to define environment variable PACKAGESITE that will point to ftp://ftp.freebsd.org/pub/FreeBSD/po...stable/Latest/ at least for FreeBSD 8.x system.

I think that if you are on -RELEASE branch and you change to -STABLE packages you have to modify the environment variable 'BRANCH' for uma. If I don't add BRANCH=8-stable to my /usr/local/etc/uma.conf then the script ports-update doesn't work.

Best regards

vermaden · #14 September 19th, 2011, 20:56

@alie;@Yampress;@Symbiosis

Thanks mates

Quote:

Originally Posted by nORKy

Hi, I have 1 question : What is the diffrence between portmaster and pkg_* ?

Beyond the difference that wblock already mentioned, pkg_* tools allows You to install/manage/delete binary packages from FTP and/or other source and portmaster is a tool tat automates (re)building from source using the FreeBSD's Ports tree.

Quote:

Originally Posted by nORKy

EDIT : and an other : where do you track STABLE bugfix/securityfix ??

I check SA at the usual place, its the same for STABLE and RELEASE: http://www.freebsd.org/security/notices.html

... about BUGs, well, I browse from time to time this one: http://svnweb.freebsd.org/base/

Also reading FreeBSD's Mailing Lists sometimes helps where 'that and that has been merged from current' or 'fixed in stable'.

Quote:

Originally Posted by Symbiosis

I think that if you are on -RELEASE branch and you change to -STABLE packages you have to modify the environment variable 'BRANCH' for uma. If I don't add BRANCH=8-stable to my /usr/local/etc/uma.conf then the script ports-update doesn't work.

Interesting, I havent heard before about UMA, must read more about this, but it seams that its not applicable here since UMA is for using RELASE packages on STABLE and CURRENT systems while this guide is for the opposite, using STABLE packages on RELEASE system

mgp · #15 September 20th, 2011, 06:23

You may want to try portrac to keep track of the port updates. It's a simple GUI tool that checks periodically if there are updates to the ports that are installed. I'd also love to get some feedback about the tool.

vermaden · #16 September 20th, 2011, 07:46

@mgp

I have just tried it, not impressed, have that functionality already and even with port versions

nORKy · #17 September 20th, 2011, 07:51

This how-to is very interesing but, I don't think I can track STABLE on my productions servers. I don't want to stop my sever too many times when there is a bug in the base system.
I think, the best for me, it's to have a RELEASE base system and packages compiled and up to date.

I'm building a local server ports for my servers and a configuration mangament server (with puppet). I think it's better for me. And, in the futur, I think about a PXE boot, and automatic installations.

vermaden · #18 September 20th, 2011, 09:11

Quote:

Originally Posted by nORKy

This how-to is very interesting but, I don't think I can track STABLE on my productions servers.

Currently I am using this 'way' on my laptop and home NAS, but I agree that for servers that have compiled ports it would require to rebuild the needed ports every time there was packages available, which may also be a little pain, on servers its also often 3-5 ports with little dependencies that need to be rebuild, so it also does not take ages like with the whole desktop/x11/multimedia and so.

Quote:

I don't want to stop my sever too many times when there is a bug in the base system.

Who forces You to do so?

As I written in the HOWTO, its done very rarely, for most of the time its not needed to rebuild the base system, but on STABLE You have that possibility, on RELEASE, You are 'dead'

Quote:

I'm building a local server ports for my servers and a configuration mangament server (with puppet). I think it's better for me. And, in the futur, I think about a PXE boot, and automatic installations.

That is the best attitude, even to have the own freebsd-update server, so You could fix these potential bugs from STABLE using the freebsd-update utility.

Quote:

Originally Posted by vermaden

I check SA at the usual place, its the same for STABLE and RELEASE: http://www.freebsd.org/security/notices.html

... about BUGs, well, I browse from time to time this one: http://svnweb.freebsd.org/base/

I also forgot about that one: http://freshbsd.org/search?branch=RE...roject=freebsd

graudeejs · #19 September 20th, 2011, 09:58

Quote:

Originally Posted by mgp

You may wanna try portrac to keep track of the port updates. It's a simple GUI tool that checks periodically if there are updates to the ports that are installed. I'd also love to get some feedback about the tool.

Or you may try ports-mgmt/bxpkg for package updates (development is stalled, until FreeBSD-9)

alie · #20 September 20th, 2011, 12:10

Anything can do these ?

1. Periodically refresh package databases and prompt for updates.
2. Install packages from tarballs.
3. Search for packages by name, description, category or file.
4. Show package dependencies, files and reverse dependencies.
5. System tray notifiers

vermaden · #21 September 20th, 2011, 12:23

Quote:

1. Periodically refresh package databases and prompt for updates.

ports-check + ports-update

Quote:

2. Install packages from tarballs.

The Ports tree automates that.

Quote:

3. Search for packages by name, description, category or file.

Code:

# cd /usr/ports
# make search name=NAME

... or use http://freshports.org

Quote:

4. Show package dependencies, files and reverse dependencies.

Code:

# pkg_info -L package
# pkg_info -r package
# pkg_info -R package

also BXPKG is able to do that graphically.

Quote:

5. System tray notifiers

Doesn't PC-BSD have that? (haven't tried PC-BSD for quite long time)

alie · #22 September 20th, 2011, 13:33

@Vermaden: Thanks for the reply. What I mean is a GUI Frontends coded with KDE/Qt/Gtk/X11

Yes PC-BSD does that but not sure if the GUI available for FreeBSD?

nORKy · #23 September 20th, 2011, 19:38

Quote:

Originally Posted by vermaden

That is the best attitude, even to have the own freebsd-update server, so You could fix these potential bugs from STABLE using the freebsd-update utility.

hum.. freebsd-update can work on STABLE?

vermaden · #24 September 20th, 2011, 22:06

No, I mean HAVE YOUR OWN update server, check this out

http://freebsd.org/doc/en/articles/f...ver/index.html

That way You will be building ONCE and then using freebsd-update directly to your update server to binary updates for STABLE.

alie · #25 September 21st, 2011, 02:37

We should donate to build freebsd-update server for STABLE

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
HOWTO: FreeBSD Binary Upgrade (base system + packages)	vermaden	Howtos & FAQs (Moderated)	23	July 29th, 2012 04:39
Crosscompile the base system	minimike	Installing & Upgrading	4	August 12th, 2011 09:21
Installed a port and keeping it up to date	Cb	Installation and Maintenance of FreeBSD Ports or Packages	5	March 20th, 2011 07:06
Best way to keep my system up to date with the latest ports	churchi	Installation and Maintenance of FreeBSD Ports or Packages	7	October 4th, 2010 14:15
Is my system up-to-date?	skoinga	Installing & Upgrading	2	June 28th, 2010 15:59

The Following 23 Users Say Thank You to vermaden For This Useful Post:
ah7013 (September 20th, 2011), bbzz (October 22nd, 2011), beyert (April 4th, 2012), draco003 (June 5th, 2012), emmex (March 29th, 2013), erikano (October 23rd, 2011), hainan (September 19th, 2011), HarryE (December 13th, 2011), jarodlau (October 20th, 2011), lubos (January 23rd, 2012), Minbari (April 16th, 2012), Mindmerge (March 15th, 2012), Oxyd (September 19th, 2011), priyadarshan (November 8th, 2012), snh (January 11th, 2012), srivo (May 18th, 2012), stefanlasiewski (June 15th, 2012), tanthony (September 26th, 2011), vand777 (September 19th, 2011), yapphdorlw (March 9th, 2012), Zauron (October 20th, 2011), zeissoctopus (September 21st, 2011)

The Following 14 Users Say Thank You to vermaden For This Useful Post:
ah7013 (September 20th, 2011), alie (September 21st, 2011), hainan (September 19th, 2011), Lippy (January 4th, 2012), Minbari (April 16th, 2012), Mindmerge (March 15th, 2012), olivier (November 16th, 2011), snh (January 11th, 2012), stefanlasiewski (June 19th, 2012), Symbiosis (September 19th, 2011), throAU (July 4th, 2012), vertexSymphony (October 23rd, 2011), wdm (December 5th, 2012), YZMSQ (December 14th, 2011)

The Following 10 Users Say Thank You to vermaden For This Useful Post:
ah7013 (September 20th, 2011), alie (September 21st, 2011), hainan (September 19th, 2011), Minbari (April 16th, 2012), Mindmerge (March 15th, 2012), olivier (November 16th, 2011), priyadarshan (November 8th, 2012), snh (January 11th, 2012), wdm (December 5th, 2012), YZMSQ (September 5th, 2011)

The Following 4 Users Say Thank You to vermaden For This Useful Post:
hainan (September 19th, 2011), Minbari (April 16th, 2012), Mindmerge (March 15th, 2012), wdm (December 5th, 2012)

The Following User Says Thank You to vermaden For This Useful Post:
Mindmerge (March 15th, 2012)

The Following User Says Thank You to alie For This Useful Post:
dugo (December 14th, 2011)